@umituz/react-native-firebase 2.4.14 → 2.4.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@umituz/react-native-firebase",
-  "version": "2.4.14",
+  "version": "2.4.16",
   "description": "Unified Firebase package for React Native apps - Auth and Firestore services using Firebase JS SDK (no native modules).",
   "main": "./src/index.ts",
   "types": "./src/index.ts",

package/src/domains/account-deletion/infrastructure/services/account-deletion.service.ts

@@ -14,8 +14,9 @@ import {
   reauthenticateWithPassword,
   reauthenticateWithGoogle,
 } from "./reauthentication.service";
-import { successResult, type Result, toAuthErrorInfo } from "../../../../shared/domain/utils";
+import { successResult, type Result, toErrorInfo } from "../../../../shared/domain/utils";
 import type { AccountDeletionOptions } from "../../application/ports/reauthentication.types";
+import { validateUserUnchanged } from "../../../auth/domain/utils/user-validation.util";
 
 export interface AccountDeletionResult extends Result<void> {
   requiresReauth?: boolean;
@@ -101,15 +102,16 @@ export async function deleteCurrentUser(
     }
 
     try {
-      // FIX: Verify user hasn't changed before deletion
-      const currentUserId = auth.currentUser?.uid;
-      if (currentUserId !== originalUserId) {
+      // Verify user hasn't changed before deletion
+      const validation = validateUserUnchanged(auth, originalUserId);
+      if (!('valid' in validation)) {
+        // User changed - validation is a FailureResult
         if (typeof __DEV__ !== "undefined" && __DEV__) {
           console.log("[deleteCurrentUser] User changed during operation");
         }
         return {
           success: false,
-          error: { code: "auth/user-changed", message: "User changed during operation" },
+          error: validation.error,
           requiresReauth: false
         };
       }
@@ -131,7 +133,7 @@ export async function deleteCurrentUser(
       if (typeof __DEV__ !== "undefined" && __DEV__) {
         console.error("[deleteCurrentUser] deleteUser failed:", error);
       }
-      const errorInfo = toAuthErrorInfo(error);
+      const errorInfo = toErrorInfo(error, 'auth/failed');
       const code = errorInfo.code;
       const message = errorInfo.message;
 
@@ -160,17 +162,18 @@ async function attemptReauth(user: User, options: AccountDeletionOptions, origin
     console.log("[attemptReauth] Called");
   }
 
-  // FIX: Verify user hasn't changed if originalUserId provided
+  // Verify user hasn't changed if originalUserId provided
   if (originalUserId) {
     const auth = getFirebaseAuth();
-    const currentUserId = auth?.currentUser?.uid;
-    if (currentUserId && currentUserId !== originalUserId) {
+    const validation = validateUserUnchanged(auth, originalUserId);
+    if (!('valid' in validation)) {
+      // User changed - validation is a FailureResult
       if (typeof __DEV__ !== "undefined" && __DEV__) {
         console.log("[attemptReauth] User changed during reauthentication");
       }
       return {
         success: false,
-        error: { code: "auth/user-changed", message: "User changed during operation" },
+        error: validation.error,
         requiresReauth: false
       };
     }
@@ -269,16 +272,21 @@ async function attemptReauth(user: User, options: AccountDeletionOptions, origin
       const auth = getFirebaseAuth();
       const currentUser = auth?.currentUser || user;
 
-      // FIX: Final verification before deletion
-      if (originalUserId && currentUser.uid !== originalUserId) {
-        if (typeof __DEV__ !== "undefined" && __DEV__) {
-          console.log("[attemptReauth] User changed after reauthentication");
+      // Final verification before deletion
+      if (originalUserId) {
+        const auth = getFirebaseAuth();
+        const validation = validateUserUnchanged(auth, originalUserId);
+        if (!('valid' in validation)) {
+          // User changed - validation is a FailureResult
+          if (typeof __DEV__ !== "undefined" && __DEV__) {
+            console.log("[attemptReauth] User changed after reauthentication");
+          }
+          return {
+            success: false,
+            error: validation.error,
+            requiresReauth: false
+          };
         }
-        return {
-          success: false,
-          error: { code: "auth/user-changed", message: "User changed during operation" },
-          requiresReauth: false
-        };
       }
 
       if (typeof __DEV__ !== "undefined" && __DEV__) {
@@ -295,7 +303,7 @@ async function attemptReauth(user: User, options: AccountDeletionOptions, origin
       if (typeof __DEV__ !== "undefined" && __DEV__) {
         console.error("[attemptReauth] deleteUser failed after reauth:", err);
       }
-      const errorInfo = toAuthErrorInfo(err);
+      const errorInfo = toErrorInfo(err, 'auth/failed');
       return {
         success: false,
         error: { code: errorInfo.code, message: errorInfo.message },
@@ -330,7 +338,7 @@ export async function deleteUserAccount(user: User | null): Promise<AccountDelet
     await deleteUser(user);
     return successResult();
   } catch (error: unknown) {
-    const errorInfo = toAuthErrorInfo(error);
+    const errorInfo = toErrorInfo(error, 'auth/failed');
     return {
       success: false,
       error: { code: errorInfo.code, message: errorInfo.message },

package/src/domains/account-deletion/infrastructure/services/reauthentication.service.ts

@@ -13,7 +13,7 @@ import {
 import * as AppleAuthentication from "expo-apple-authentication";
 import { Platform } from "react-native";
 import { generateNonce, hashNonce } from "../../../auth/infrastructure/services/crypto.util";
-import { executeOperation, failureResultFrom, toAuthErrorInfo, ERROR_MESSAGES } from "../../../../shared/domain/utils";
+import { executeOperation, failureResultFrom, toErrorInfo, ERROR_MESSAGES } from "../../../../shared/domain/utils";
 import { isCancelledError } from "../../../../shared/domain/utils/error-handler.util";
 import type {
   ReauthenticationResult,
@@ -123,7 +123,7 @@ export async function getAppleReauthCredential(): Promise<ReauthCredentialResult
       credential
     };
   } catch (error: unknown) {
-    const errorInfo = toAuthErrorInfo(error);
+    const errorInfo = toErrorInfo(error, 'auth/failed');
     const code = isCancelledError(errorInfo) ? "auth/cancelled" : errorInfo.code;
     return {
       success: false,

package/src/domains/auth/domain/utils/user-metadata.util.ts

@@ -0,0 +1,72 @@
+/**
+ * User Metadata Utilities
+ * Shared utilities for working with Firebase user metadata
+ * Eliminates duplicate isNewUser logic across auth services
+ */
+
+import type { UserCredential, User, UserMetadata } from 'firebase/auth';
+
+/**
+ * Check if user is new based on metadata timestamps
+ * Compares creation time and last sign-in time to determine if this is the user's first login
+ *
+ * A user is considered "new" if their account creation time matches their last sign-in time,
+ * indicating this is their first authentication.
+ *
+ * @param input - UserCredential, User, or UserMetadata to check
+ * @returns True if user is new (first sign-in), false otherwise
+ *
+ * @example
+ * ```typescript
+ * // From UserCredential
+ * const credential = await signInWithCredential(auth, oauthCredential);
+ * if (isNewUser(credential)) {
+ *   // Show onboarding
+ * }
+ *
+ * // From User object
+ * const user = auth.currentUser;
+ * if (user && isNewUser(user)) {
+ *   // First time user
+ * }
+ *
+ * // From UserMetadata directly
+ * if (isNewUser(user.metadata)) {
+ *   // New user
+ * }
+ * ```
+ */
+export function isNewUser(userCredential: UserCredential): boolean;
+export function isNewUser(user: User): boolean;
+export function isNewUser(metadata: UserMetadata): boolean;
+export function isNewUser(input: UserCredential | User | UserMetadata): boolean {
+  let metadata: UserMetadata;
+
+  // Extract metadata from different input types
+  if ('user' in input) {
+    // UserCredential
+    metadata = input.user.metadata;
+  } else if ('metadata' in input) {
+    // User
+    metadata = input.metadata;
+  } else {
+    // UserMetadata
+    metadata = input;
+  }
+
+  const { creationTime, lastSignInTime } = metadata;
+
+  // Validate timestamps exist and are strings
+  if (
+    !creationTime ||
+    !lastSignInTime ||
+    typeof creationTime !== 'string' ||
+    typeof lastSignInTime !== 'string'
+  ) {
+    return false;
+  }
+
+  // Convert to timestamps for reliable comparison
+  // If creation time === last sign in time, this is the first sign-in
+  return new Date(creationTime).getTime() === new Date(lastSignInTime).getTime();
+}

package/src/domains/auth/domain/utils/user-validation.util.ts

@@ -0,0 +1,77 @@
+/**
+ * User Validation Utilities
+ * Shared utilities for validating user state during operations
+ * Eliminates duplicate user validation patterns in account deletion and reauthentication
+ */
+
+import type { Auth } from 'firebase/auth';
+import { failureResultFrom } from '../../../../shared/domain/utils/result/result-creators';
+import { ERROR_MESSAGES } from '../../../../shared/domain/utils/error-handlers/error-messages';
+import type { FailureResult } from '../../../../shared/domain/utils/result/result-types';
+
+/**
+ * Validate that current user hasn't changed during operation
+ * Common pattern in account deletion and reauthentication flows
+ *
+ * This ensures operations complete on the same user that started them,
+ * preventing race conditions where user signs out/in during sensitive operations.
+ *
+ * @param auth - Firebase Auth instance (can be null)
+ * @param originalUserId - User ID captured at operation start
+ * @returns Success indicator or failure result if user changed
+ *
+ * @example
+ * ```typescript
+ * const originalUserId = auth.currentUser?.uid;
+ * if (!originalUserId) {
+ *   return failureResultFrom('auth/no-user', 'No user signed in');
+ * }
+ *
+ * // ... perform operation ...
+ *
+ * const validation = validateUserUnchanged(auth, originalUserId);
+ * if (!validation.valid) {
+ *   return validation; // Return the failure result
+ * }
+ * ```
+ */
+export function validateUserUnchanged(
+  auth: Auth | null,
+  originalUserId: string
+): { valid: true } | FailureResult {
+  const currentUserId = auth?.currentUser?.uid;
+
+  if (currentUserId !== originalUserId) {
+    if (typeof __DEV__ !== 'undefined' && __DEV__) {
+      console.log(
+        `[validateUserUnchanged] User changed during operation. Original: ${originalUserId}, Current: ${currentUserId || 'none'}`
+      );
+    }
+    return failureResultFrom(
+      'auth/user-changed',
+      ERROR_MESSAGES.AUTH.USER_CHANGED || 'User changed during operation'
+    );
+  }
+
+  return { valid: true };
+}
+
+/**
+ * Capture current user ID for later validation
+ * Returns null if no user is signed in
+ *
+ * @param auth - Firebase Auth instance
+ * @returns Current user ID or null
+ *
+ * @example
+ * ```typescript
+ * const auth = getFirebaseAuth();
+ * const originalUserId = captureUserId(auth);
+ * if (!originalUserId) {
+ *   return failureResultFrom('auth/no-user', 'No user signed in');
+ * }
+ * ```
+ */
+export function captureUserId(auth: Auth | null): string | null {
+  return auth?.currentUser?.uid ?? null;
+}

package/src/domains/auth/infrastructure/services/apple-auth.service.ts

@@ -15,7 +15,9 @@ import type { AppleAuthResult } from "./apple-auth.types";
 import {
   isCancellationError,
 } from "./base/base-auth.service";
-import { executeAuthOperation, isSuccess, type Result } from "../../../../shared/domain/utils";
+import { executeAuthOperation, type Result } from "../../../../shared/domain/utils";
+import { isNewUser as checkIsNewUser } from "../../domain/utils/user-metadata.util";
+import { convertToOAuthResult } from "./utils/auth-result-converter.util";
 
 // Conditional import - expo-apple-authentication is optional
 let AppleAuthentication: any = null;
@@ -42,19 +44,7 @@ export class AppleAuthService {
   }
 
   private convertToAppleAuthResult(result: Result<{ userCredential: any; isNewUser: boolean }>): AppleAuthResult {
-    // FIX: Use isSuccess() type guard instead of manual check
-    if (isSuccess(result) && result.data) {
-      return {
-        success: true,
-        userCredential: result.data.userCredential,
-        isNewUser: result.data.isNewUser,
-      };
-    }
-    return {
-      success: false,
-      error: result.error?.message ?? "Apple sign-in failed",
-      code: result.error?.code,
-    };
+    return convertToOAuthResult(result, "Apple sign-in failed");
   }
 
   async signIn(auth: Auth): Promise<AppleAuthResult> {
@@ -99,19 +89,8 @@ export class AppleAuthService {
 
       const userCredential = await signInWithCredential(auth, credential);
 
-      // Check if user is new by comparing metadata timestamps
-      // Convert to timestamps for reliable comparison (string comparison can be unreliable)
-      const creationTime = userCredential.user.metadata.creationTime;
-      const lastSignInTime = userCredential.user.metadata.lastSignInTime;
-
-      // FIX: Add typeof validation for metadata timestamps
-      const isNewUser =
-        creationTime &&
-        lastSignInTime &&
-        typeof creationTime === 'string' &&
-        typeof lastSignInTime === 'string'
-          ? new Date(creationTime).getTime() === new Date(lastSignInTime).getTime()
-          : false;
+      // Check if user is new using shared utility
+      const isNewUser = checkIsNewUser(userCredential);
 
       return {
         userCredential,

package/src/domains/auth/infrastructure/services/auth-guard.service.ts

@@ -12,6 +12,7 @@ import {
   getCurrentUser,
 } from './auth-utils.service';
 import { ERROR_MESSAGES } from '../../../../shared/domain/utils/error-handlers/error-messages';
+import { withAuth, withAuthSync } from '../utils/auth-guard.util';
 
 /**
  * Auth Guard Service
@@ -23,26 +24,33 @@ export class AuthGuardService {
    * @throws Error if user is not authenticated
    */
   async requireAuthenticatedUser(): Promise<string> {
-    const auth = getFirebaseAuth();
-    if (!auth) {
-      throw new Error(ERROR_MESSAGES.AUTH.NOT_INITIALIZED);
-    }
+    const result = await withAuth(async (auth) => {
+      const userId = getCurrentUserId(auth);
+      if (!userId) {
+        throw new Error(ERROR_MESSAGES.AUTH.NOT_AUTHENTICATED);
+      }
 
-    const userId = getCurrentUserId(auth);
-    if (!userId) {
-      throw new Error(ERROR_MESSAGES.AUTH.NOT_AUTHENTICATED);
-    }
+      const currentUser = getCurrentUser(auth);
+      if (!currentUser) {
+        throw new Error(ERROR_MESSAGES.AUTH.NOT_AUTHENTICATED);
+      }
+
+      if (currentUser.isAnonymous) {
+        throw new Error(ERROR_MESSAGES.AUTH.NON_ANONYMOUS_ONLY);
+      }
+
+      return userId;
+    });
 
-    const currentUser = getCurrentUser(auth);
-    if (!currentUser) {
-      throw new Error(ERROR_MESSAGES.AUTH.NOT_AUTHENTICATED);
+    if (!result.success) {
+      throw new Error(result.error?.message || 'Authentication failed');
     }
 
-    if (currentUser.isAnonymous) {
-      throw new Error(ERROR_MESSAGES.AUTH.NON_ANONYMOUS_ONLY);
+    if (!result.data) {
+      throw new Error('No user ID returned');
     }
 
-    return userId;
+    return result.data;
   }
 
   /**
@@ -61,35 +69,33 @@ export class AuthGuardService {
    * Check if current user is authenticated (not guest)
    */
   isAuthenticated(): boolean {
-    const auth = getFirebaseAuth();
-    if (!auth) {
-      return false;
-    }
+    const result = withAuthSync((auth) => {
+      const currentUser = getCurrentUser(auth);
+      if (!currentUser) {
+        return false;
+      }
 
-    const currentUser = getCurrentUser(auth);
-    if (!currentUser) {
-      return false;
-    }
+      // User must not be anonymous
+      return !currentUser.isAnonymous;
+    });
 
-    // User must not be anonymous
-    return !currentUser.isAnonymous;
+    return result.success && result.data ? result.data : false;
   }
 
   /**
    * Check if current user is guest (anonymous)
    */
   isGuest(): boolean {
-    const auth = getFirebaseAuth();
-    if (!auth) {
-      return false;
-    }
+    const result = withAuthSync((auth) => {
+      const currentUser = getCurrentUser(auth);
+      if (!currentUser) {
+        return false;
+      }
 
-    const currentUser = getCurrentUser(auth);
-    if (!currentUser) {
-      return false;
-    }
+      return currentUser.isAnonymous;
+    });
 
-    return currentUser.isAnonymous;
+    return result.success && result.data ? result.data : false;
   }
 }
 

package/src/domains/auth/infrastructure/services/base/base-auth.service.ts

@@ -6,7 +6,7 @@
  */
 
 import type { UserCredential } from 'firebase/auth';
-import { authErrorConverter, type Result } from '../../../../../shared/domain/utils';
+import { toErrorInfo, type Result } from '../../../../../shared/domain/utils';
 
 /**
  * Authentication result with user credential
@@ -45,7 +45,7 @@ export function isCancellationError(error: unknown): boolean {
  * Create failure result from error
  */
 export function createFailureResult(error: unknown): { success: false; error: { code: string; message: string } } {
-  const errorInfo = authErrorConverter(error);
+  const errorInfo = toErrorInfo(error, 'auth/failed');
   return {
     success: false,
     error: errorInfo,

package/src/domains/auth/infrastructure/services/email-auth.service.ts

@@ -13,7 +13,8 @@ import {
   type User,
 } from "firebase/auth";
 import { getFirebaseAuth } from "../config/FirebaseAuthClient";
-import { executeOperation, failureResultFrom, successResult, toAuthErrorInfo, type Result, ERROR_MESSAGES } from "../../../../shared/domain/utils";
+import { executeOperation, failureResultFrom, successResult, type Result, ERROR_MESSAGES } from "../../../../shared/domain/utils";
+import { withAuth } from "../utils/auth-guard.util";
 
 export interface EmailCredentials {
   email: string;
@@ -30,22 +31,14 @@ export async function signInWithEmail(
   email: string,
   password: string
 ): Promise<EmailAuthResult> {
-  const auth = getFirebaseAuth();
-  if (!auth) {
-    return failureResultFrom("auth/not-ready", ERROR_MESSAGES.AUTH.NOT_INITIALIZED);
-  }
-
-  try {
+  return withAuth(async (auth) => {
     const userCredential = await signInWithEmailAndPassword(
       auth,
       email.trim(),
       password
     );
-    return { success: true, data: userCredential.user };
-  } catch (error) {
-    // FIX: Use toAuthErrorInfo() instead of unsafe cast
-    return { success: false, error: toAuthErrorInfo(error) };
-  }
+    return userCredential.user;
+  });
 }
 
 /**
@@ -55,12 +48,7 @@ export async function signInWithEmail(
 export async function signUpWithEmail(
   credentials: EmailCredentials
 ): Promise<EmailAuthResult> {
-  const auth = getFirebaseAuth();
-  if (!auth) {
-    return failureResultFrom("auth/not-ready", ERROR_MESSAGES.AUTH.NOT_INITIALIZED);
-  }
-
-  try {
+  return withAuth(async (auth) => {
     const currentUser = auth.currentUser;
     const isAnonymous = currentUser?.isAnonymous ?? false;
     let userCredential;
@@ -84,7 +72,6 @@ export async function signUpWithEmail(
     // Update display name if provided (non-critical operation)
     if (credentials.displayName && userCredential.user) {
       const trimmedName = credentials.displayName.trim();
-      // FIX: Only update if non-empty after trim
       if (trimmedName.length > 0) {
         try {
           await updateProfile(userCredential.user, {
@@ -98,11 +85,8 @@ export async function signUpWithEmail(
       }
     }
 
-    return { success: true, data: userCredential.user };
-  } catch (error) {
-    // FIX: Use toAuthErrorInfo() instead of unsafe cast
-    return { success: false, error: toAuthErrorInfo(error) };
-  }
+    return userCredential.user;
+  });
 }
 
 /**
@@ -126,22 +110,18 @@ export async function linkAnonymousWithEmail(
   email: string,
   password: string
 ): Promise<EmailAuthResult> {
-  const auth = getFirebaseAuth();
-  if (!auth || !auth.currentUser) {
-    return failureResultFrom("auth/not-ready", ERROR_MESSAGES.AUTH.NO_USER);
-  }
+  return withAuth(async (auth) => {
+    const currentUser = auth.currentUser;
+    if (!currentUser) {
+      throw new Error(ERROR_MESSAGES.AUTH.NO_USER);
+    }
 
-  const currentUser = auth.currentUser;
-  if (!currentUser.isAnonymous) {
-    return failureResultFrom("auth/invalid-action", ERROR_MESSAGES.AUTH.INVALID_USER);
-  }
+    if (!currentUser.isAnonymous) {
+      throw new Error(ERROR_MESSAGES.AUTH.INVALID_USER);
+    }
 
-  try {
     const credential = EmailAuthProvider.credential(email.trim(), password);
     const userCredential = await linkWithCredential(currentUser, credential);
-    return { success: true, data: userCredential.user };
-  } catch (error) {
-    // FIX: Use toAuthErrorInfo() instead of unsafe cast
-    return { success: false, error: toAuthErrorInfo(error) };
-  }
+    return userCredential.user;
+  });
 }

package/src/domains/auth/infrastructure/services/google-auth.service.ts

@@ -9,8 +9,10 @@ import {
   type Auth,
 } from "firebase/auth";
 import type { GoogleAuthConfig, GoogleAuthResult } from "./google-auth.types";
-import { executeAuthOperation, isSuccess, type Result } from "../../../../shared/domain/utils";
+import { executeAuthOperation, type Result } from "../../../../shared/domain/utils";
 import { ConfigurableService } from "../../../../shared/domain/utils/service-config.util";
+import { isNewUser as checkIsNewUser } from "../../domain/utils/user-metadata.util";
+import { convertToOAuthResult } from "./utils/auth-result-converter.util";
 
 /**
  * Google Auth Service
@@ -25,19 +27,7 @@ export class GoogleAuthService extends ConfigurableService<GoogleAuthConfig> {
   }
 
   private convertToGoogleAuthResult(result: Result<{ userCredential: any; isNewUser: boolean }>): GoogleAuthResult {
-    // FIX: Use isSuccess() type guard instead of manual check
-    if (isSuccess(result) && result.data) {
-      return {
-        success: true,
-        userCredential: result.data.userCredential,
-        isNewUser: result.data.isNewUser,
-      };
-    }
-    return {
-      success: false,
-      error: result.error?.message ?? "Google sign-in failed",
-      code: result.error?.code,
-    };
+    return convertToOAuthResult(result, "Google sign-in failed");
   }
 
   async signInWithIdToken(
@@ -48,19 +38,8 @@ export class GoogleAuthService extends ConfigurableService<GoogleAuthConfig> {
       const credential = GoogleAuthProvider.credential(idToken);
       const userCredential = await signInWithCredential(auth, credential);
 
-      // Check if user is new by comparing metadata timestamps
-      // Convert to timestamps for reliable comparison (string comparison can be unreliable)
-      const creationTime = userCredential.user.metadata.creationTime;
-      const lastSignInTime = userCredential.user.metadata.lastSignInTime;
-
-      // FIX: Add typeof validation for metadata timestamps
-      const isNewUser =
-        creationTime &&
-        lastSignInTime &&
-        typeof creationTime === 'string' &&
-        typeof lastSignInTime === 'string'
-          ? new Date(creationTime).getTime() === new Date(lastSignInTime).getTime()
-          : false;
+      // Check if user is new using shared utility
+      const isNewUser = checkIsNewUser(userCredential);
 
       return {
         userCredential,